You can change the security configuration so that individual services are directly accessible through HTTP connections.

About this task

To configure security settings for vSphere 5.0 and earlier, see Change Security Settings for a Web Proxy Service 5.0 and earlier.

Procedure

  1. Log in to the ESXi Shell as a user with administrator privileges.
  2. Change to the /etc/vmware/rhttpproxy directory.
  3. Use a text editor to open the endpoints.conf file.
  4. Change the security settings as required.

    For example, you might want to modify entries for services that use HTTPS to add the option of HTTP access.

    Option             Description

    connection-type    Acceptable values include:
                       • local
                       • remote
                       • namedpipe
                       • localtunnel
                       • remotetunnel
                       • namedpipetunnel

    endpoint-address   • For local and localtunnel, supply the port number.
                       • For remote and remotetunnel, supply the HostName/IP_address:Port.
                       • For namedpipe and namedpipetunnel, supply the location of the named pipe in the file system.

    HTTP Access mode   Forms of communication the service permits. Acceptable values include:
                       • allow - Allow HTTP access.
                       • redirect - If the Endpoint address is a local port, then the client is redirected to 443. If the Endpoint address is a remote host, then the client is redirected to that host.
                       • reject - No HTTP access.

    HTTPS Access mode  Acceptable values include:
                       • allow - Allow HTTPS access.
                       • reject - Do not allow HTTPS access.

  5. Save your changes and close the file.

Example

The following example shows a completed endpoints.conf file.

# Endpoint Connection-type Endpoint-address HTTP-access-Mode HTTPS-access-mode
/ local 8309 redirect allow
/sdk local 8307 redirect allow
/client/clients.xml local 8309 allow allow
/ui local 8308 redirect allow
/vpxa local 8089 reject allow
/mob namedpipe /var/run/vmware/proxy-mob redirect allow
/wsman local 8889 redirect allow
/sdkTunnel namedpipetunnel /var/run/vmware/proxy-sdk-tunnel allow reject
/ha-nfc local 12001 allow allow
/nfc local 12000 allow allow
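
The following added example (not VMware code) parses endpoints.conf content using the five-column layout and acceptable values listed in the procedure, and reports entries whose HTTP access mode is allow so that plaintext exposure can be reviewed after an edit. It assumes whitespace-separated fields, that lines beginning with # are comments, and that named pipe locations are absolute paths; the names audit and address_ok are illustrative.

```python
CONNECTION_TYPES = set("local remote namedpipe localtunnel remotetunnel namedpipetunnel".split())
HTTP_MODES, HTTPS_MODES = {"allow", "redirect", "reject"}, {"allow", "reject"}
# The completed endpoints.conf shown on this page, embedded so the audit runs offline.
SAMPLE = """\
# Endpoint Connection-type Endpoint-address HTTP-access-Mode HTTPS-access-mode
/ local 8309 redirect allow
/sdk local 8307 redirect allow
/client/clients.xml local 8309 allow allow
/ui local 8308 redirect allow
/vpxa local 8089 reject allow
/mob namedpipe /var/run/vmware/proxy-mob redirect allow
/wsman local 8889 redirect allow
/sdkTunnel namedpipetunnel /var/run/vmware/proxy-sdk-tunnel allow reject
/ha-nfc local 12001 allow allow
/nfc local 12000 allow allow
"""

def address_ok(conn, addr):
    """Check the endpoint-address form the page gives for each connection-type."""
    if conn.startswith("local"):
        return addr.isdigit()
    if conn.startswith("remote"):
        host, _, port = addr.rpartition(":")
        return bool(host) and port.isdigit()
    return addr.startswith("/")  # assumption: pipe location is an absolute path

def audit(text):
    """Return (lineno, endpoint, message) findings for endpoints.conf content."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):  # assumption: '#' starts a comment
            continue
        msg = None
        if len(fields) != 5:
            msg = "malformed: expected 5 fields"
        elif fields[1] not in CONNECTION_TYPES or fields[3] not in HTTP_MODES or fields[4] not in HTTPS_MODES:
            msg = "invalid connection-type or access mode"
        elif not address_ok(fields[1], fields[2]):
            msg = "endpoint-address does not match connection-type"
        elif fields[3] == "allow":
            msg = "HTTP only, HTTPS rejected" if fields[4] == "reject" else "plaintext HTTP allowed"
        if msg:
            findings.append((lineno, fields[0], msg))
    return findings

if __name__ == "__main__":
    for lineno, endpoint, message in audit(SAMPLE):
        print(f"line {lineno}: {endpoint}: {message}")
```
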

What to do next

After you change the endpoints.conf file, make the reverse proxy reload the new endpoints by running the command kill -HUP <pid_of_rhttpproxy>.